mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-04-30 14:59:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Shares: enhancements and removal of csrf exposure

Browse Source
This commit is contained in:
bergware
2023-04-29 16:57:52 +02:00
parent 3ee6384e90
commit ddbbadedcb
6 changed files with 136 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/dynamix/include/DiskList.php
+22 -29
View File
@@ -13,24 +13,27 @@
<?
$docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
require_once "$docroot/webGui/include/Helpers.php";
// add translations
$_SERVER['REQUEST_URI'] = 'shares';
require_once "$docroot/webGui/include/Translations.php";
require_once "$docroot/webGui/include/Helpers.php";
$compute = rawurldecode(_var($_POST,'compute'));
$path = rawurldecode(_var($_POST,'path'));
$all = _var($_POST,'all');
$shares = parse_ini_file('state/shares.ini',true);
$disks = parse_ini_file('state/disks.ini',true);
$var = parse_ini_file('state/var.ini');
$sec = parse_ini_file('state/sec.ini',true);
$sec_nfs = parse_ini_file('state/sec_nfs.ini',true);
$compute = unscript(_var($_GET,'compute'));
$path = unscript(_var($_GET,'path'));
$fill = unscript(_var($_GET,'fill'));
$display = [];
$display['scale'] = unscript(_var($_GET,'scale'));
$display['number'] = unscript(_var($_GET,'number','.,'));
// exit when no disks
$nodisks = "<tr><td class='empty' colspan='7'><i class='fa fa-folder-open-o icon'></i>"._('There are no exportable disk shares')."</td></tr>";
if (!$disks) die($nodisks);
// GUI settings
extract(parse_plugin_cfg('dynamix',true));
// Display export settings
function disk_share_settings($protocol,$share) {
@@ -38,40 +41,35 @@ function disk_share_settings($protocol,$share) {
if ($protocol!='yes' || _var($share,'export')=='-') return "-";
return (_var($share,'export')=='e') ? _(ucfirst(_var($share,'security'))) : '<em>'._(ucfirst(_var($share,'security'))).'</em>';
}
function globalInclude($name) {
global $var;
return substr($name,0,4)!='disk' || !_var($var,'shareUserInclude') || strpos(_var($var,'shareUserInclude').",","$name,")!==false;
}
function shareInclude($name) {
global $include;
return !$include || substr($name,0,4)!='disk' || strpos("$include,", "$name,")!==false;
}
function sharesOnly($disk) {
return in_array(_var($disk,'type'),['Data','Cache']) && _var($disk,'exportable')=='yes';
}
// filter disk shares
$disks = array_filter($disks,'sharesOnly');
// Compute all disk shares & check encryption
// Compute disk shares & check encryption
$crypto = false;
foreach ($disks as $name => $disk) {
if ($compute=='yes') exec("webGui/scripts/disk_size ".escapeshellarg($name)." ssz2");
if ($all!=0 && (!$compute || $compute==$name)) exec("/$docroot/webGui/scripts/disk_size ".escapeshellarg($name)." ssz2");
$crypto |= strpos(_var($disk,'fsType'),'luks:')!==false;
}
// global shares include/exclude
$myDisks = array_filter(array_diff(array_keys($disks), explode(',',_var($var,'shareUserExclude'))), 'globalInclude');
// Share size per disk
$ssz2 = [];
if ($fill)
foreach (glob("state/*.ssz2", GLOB_NOSORT) as $entry) $ssz2[basename($entry, ".ssz2")] = file($entry,FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES);
else
if ($all==0)
exec("rm -f /var/local/emhttp/*.ssz2");
else
foreach (glob("state/*.ssz2",GLOB_NOSORT) as $entry) $ssz2[basename($entry,'.ssz2')] = file($entry,FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES);
// Build table
$row = 0;
@@ -95,7 +93,7 @@ foreach ($disks as $name => $disk) {
echo "<td>",disk_share_settings(_var($var,'shareNFSEnabled'), $sec_nfs[$name]),"</td>";
$cmd="/webGui/scripts/disk_size&arg1=$name&arg2=ssz2";
$type = _var($disk,'rotational') ? _('HDD') : _('SSD');
if (array_key_exists($name, $ssz2)) {
if (array_key_exists($name,$ssz2)) {
echo "<td>$type</td>";
echo "<td>",my_scale(_var($disk,'fsSize',0)*1024, $unit)," $unit</td>";
echo "<td>",my_scale(_var($disk,'fsFree',0)*1024, $unit)," $unit</td>";
@@ -103,28 +101,23 @@ foreach ($disks as $name => $disk) {
foreach ($ssz2[$name] as $entry) {
[$sharename,$sharesize] = my_explode('=',$entry);
if ($sharename=='share.total') continue;
$include = _var($shares[$sharename],'include');
$inside = in_array(_var($disk,'name'), array_filter(array_diff($myDisks, explode(',',_var($shares[$sharename],'exclude'))), 'shareInclude'));
echo "<tr class='",($inside ? "'>" : "warning'>");
echo "<td><a class='view'></a><a href=\"/update.htm?cmd=$cmd&csrf_token={$var['csrf_token']}\" target=\"progressFrame\" title=\"";
echo _('Recompute'),"...\" onclick='$.cookie(\"ssz\",\"ssz\",{path:\"/\"});$(\".disk-$row-1\").html(\"",_('Please wait'),"...\");$(\".disk-$row-2\").html(\"\");'><i class='fa fa-refresh icon'></i></a>&nbsp;$sharename</td>";
echo "<td><a class='view'></a><a href='#' title='",_('Recompute'),"...' onclick=\"computeDisk('",rawurlencode($name),"',$(this).parent())\"><i class='fa fa-refresh icon'></i></a>&nbsp;$sharename</td>";
echo "<td>",($inside ? "" : "<em>"._('Share is outside the list of designated disks')."</em>"),"</td>";
echo "<td></td>";
echo "<td></td>";
echo "<td></td>";
echo "<td class='disk-$row-1'>",my_scale($sharesize, $unit)," $unit</td>";
echo "<td class='disk-$row-2'>",my_scale(_var($disk,'fsFree',0)*1024, $unit)," $unit</td>";
echo "<td>",my_scale($sharesize, $unit)," $unit</td>";
echo "<td>",my_scale(_var($disk,'fsFree',0)*1024, $unit)," $unit</td>";
echo "</tr>";
}
} else {
echo "<td>$type</td>";
echo "<td><a href=\"/update.htm?cmd=$cmd&csrf_token={$var['csrf_token']}\" target=\"progressFrame\" onclick=\"$.cookie('ssz','ssz');$(this).text('";
echo _('Please wait'),"...')\">",_('Compute'),"...</a></td>";
echo "<td><a href='#' onclick=\"computeDisk('",rawurlencode($name),"',$(this))\">",_('Compute'),"...</a></td>";
echo "<td>",my_scale(_var($disk,'fsFree',0)*1024, $unit)," $unit</td>";
echo "</tr>";
}
}
if ($row==0) {
echo "<tr><td colspan='7' style='text-align:center;padding-top:12px'><i class='fa fa-folder-open-o icon'></i>",_('There are no exportable disk shares'),"</td></tr>";
}
if ($row==0) echo $nodisks;
?>
plugins/dynamix/include/ShareList.php
+41 -40
View File
@@ -14,7 +14,18 @@
$docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
if (isset($_POST['scan'])) {
die((new \FilesystemIterator("/mnt/user/{$_POST['scan']}"))->valid() ? '0' : '1');
die((new FilesystemIterator("/mnt/user/{$_POST['scan']}"))->valid() ? '0' : '1');
}
if (isset($_POST['cleanup'])) {
$n = 0;
// active shares
$shares = array_keys(parse_ini_file('state/shares.ini',true));
// stored shares
foreach (glob("/boot/config/shares/*.cfg",GLOB_NOSORT) as $name) {
if (!in_array(basename($name,'.cfg'),$shares)) {$n++; unlink($name);}
}
// return number of deleted files
die((string)$n);
}
// add translations
@@ -22,27 +33,26 @@ $_SERVER['REQUEST_URI'] = 'shares';
require_once "$docroot/webGui/include/Translations.php";
require_once "$docroot/webGui/include/Helpers.php";
$compute = rawurldecode(_var($_POST,'compute'));
$path = rawurldecode(_var($_POST,'path'));
$all = _var($_POST,'all');
$shares = parse_ini_file('state/shares.ini',true);
$disks = parse_ini_file('state/disks.ini',true);
$var = parse_ini_file('state/var.ini');
$sec = parse_ini_file('state/sec.ini',true);
$sec_nfs = parse_ini_file('state/sec_nfs.ini',true);
$compute = unscript(_var($_GET,'compute'));
$path = unscript(_var($_GET,'path'));
$fill = unscript(_var($_GET,'fill'));
$display = [];
$display['scale'] = unscript(_var($_GET,'scale'));
$display['number'] = unscript(_var($_GET,'number','.,'));
$display['raw'] = unscript(_var($_GET,'raw'));
// exit when no shares
$noshares = "<tr><td class='empty' colspan='7'><i class='fa fa-folder-open-o icon'></i>"._('There are no exportable user shares')."</td></tr>";
if (!$shares) die($noshares);
// GUI settings
extract(parse_plugin_cfg('dynamix',true));
$pools_check = pools_filter(cache_filter($disks));
$pools = implode(',', $pools_check);
if (!$shares) {
echo "<tr><td colspan='7' style='text-align:center;padding-top:12px'><i class='fa fa-folder-open-o icon'></i>",_('There are no exportable user shares'),"</td></tr>";
exit;
}
// Natural sorting of share names
uksort($shares,'strnatcasecmp');
@@ -52,33 +62,29 @@ function user_share_settings($protocol,$share) {
if ($protocol!='yes' || $share['export']=='-') return "-";
return ($share['export']=='e') ? _(ucfirst($share['security'])) : '<em>'._(ucfirst($share['security'])).'</em>';
}
function globalInclude($name) {
global $var;
return substr($name,0,4)!='disk' || !$var['shareUserInclude'] || strpos("{$var['shareUserInclude']},","$name,")!==false;
}
function shareInclude($name) {
global $include;
return !$include || substr($name,0,4)!='disk' || strpos("$include,", "$name,")!==false;
}
// Compute all user shares & check encryption
// Compute user shares & check encryption
$crypto = false;
foreach ($shares as $name => $share) {
if ($compute=='yes') exec("webGui/scripts/share_size ".escapeshellarg($name)." ssz1 ".escapeshellarg($pools));
$crypto |= $share['luksStatus']>0;
if ($all!=0 && (!$compute || $compute==$name)) exec("$docroot/webGui/scripts/share_size ".escapeshellarg($name)." ssz1 ".escapeshellarg($pools));
$crypto |= _var($share,'luksStatus',0)>0;
}
// global shares include/exclude
$myDisks = array_filter(array_diff(array_keys($disks), explode(',',$var['shareUserExclude'])), 'globalInclude');
// Share size per disk
$ssz1 = [];
if ($fill)
foreach (glob("state/*.ssz1", GLOB_NOSORT) as $entry) $ssz1[basename($entry, ".ssz1")] = parse_ini_file($entry);
else
if ($all==0)
exec("rm -f /var/local/emhttp/*.ssz1");
else
foreach (glob("state/*.ssz1",GLOB_NOSORT) as $entry) $ssz1[basename($entry,'.ssz1')] = parse_ini_file($entry);
// Build table
$row = 0;
@@ -95,19 +101,16 @@ foreach ($shares as $name => $share) {
case 2: $luks = "<a class='info' onclick='return false'><i class='padlock fa fa-unlock-alt orange-text'></i><span>"._('Some or all files unencrypted')."</span></a>"; break;
default: $luks = "<a class='info' onclick='return false'><i class='padlock fa fa-lock red-text'></i><span>"._('Unknown encryption state')."</span></a>"; break;
} else $luks = "";
echo "<tr><td><a class='view' href=\"/$path/Browse?dir=/mnt/user/",urlencode($name),"\"><i class=\"icon-u-tab\" title=\"",_('Browse')," /mnt/user/".urlencode($name),"\"></i></a>";
echo "<tr><td><a class='view' href=\"/$path/Browse?dir=/mnt/user/",rawurlencode($name),"\"><i class=\"icon-u-tab\" title=\"",_('Browse')," /mnt/user/".rawurlencode($name),"\"></i></a>";
echo "<a class='info nohand' onclick='return false'><i class='fa fa-$orb orb $color-orb'></i><span style='left:18px'>$help</span></a>$luks<a href=\"/$path/Share?name=";
echo urlencode($name),"\" onclick=\"$.cookie('one','tab1')\">",compress($name),"</a></td>";
echo rawurlencode($name),"\" onclick=\"$.cookie('one','tab1')\">",compress($name),"</a></td>";
echo "<td>{$share['comment']}</td>";
echo "<td>",user_share_settings($var['shareSMBEnabled'], $sec[$name]),"</td>";
echo "<td>",user_share_settings($var['shareNFSEnabled'], $sec_nfs[$name]),"</td>";
$cmd="/webGui/scripts/share_size&arg1=".urlencode($name)."&arg2=ssz1&arg3=".urlencode($pools);
/* Check for non existent pool device. */
if ($share['cachePool']) {
if (! in_array($share['cachePool'], $pools_check)) {
$share['useCache'] = "no";
}
}
// Check for non existent pool device
if (isset($share['cachePool']) && !in_array($share['cachePool'], $pools_check)) $share['useCache'] = "no";
switch ($share['useCache']) {
case 'no':
$cache = "<a class='hand info none' onclick='return false'><i class='fa fa-database fa-fw'></i>"._('Array')."<span>".sprintf(_('Primary storage %s'),_('Array'))."</span></a>";
@@ -123,7 +126,7 @@ foreach ($shares as $name => $share) {
$cache = "<a class='hand info none' onclick='return false'><i class='fa fa-bullseye fa-fw'></i>$exclusive".compress(my_disk($share['cachePool'],$display['raw']))."<span>".sprintf(_('Primary storage %s'),$share['cachePool']).($exclusive ? ", "._('Exclusive access') : "")."</span></a>";
break;
}
if (array_key_exists($name, $ssz1)) {
if (array_key_exists($name,$ssz1)) {
echo "<td>$cache</td>";
echo "<td>",my_scale($ssz1[$name]['disk.total'], $unit)," $unit</td>";
echo "<td>",my_scale($share['free']*1024, $unit)," $unit</td>";
@@ -133,23 +136,21 @@ foreach ($shares as $name => $share) {
$include = $share['include'];
$inside = in_array($diskname, array_filter(array_diff($myDisks, explode(',',$share['exclude'])), 'shareInclude'));
echo "<tr class='",($inside ? "'>" : "warning'>");
echo "<td><a class='view'></a><a href=\"/update.htm?cmd=$cmd&csrf_token={$var['csrf_token']}\" target=\"progressFrame\" title=\"";
echo _('Recompute'),"...\" onclick='$.cookie(\"ssz\",\"ssz\",{path:\"/\"});$(\".share-$row-1\").html(\"",_('Please wait'),"...\");$(\".share-$row-2\").html(\"\");'><i class='fa fa-refresh icon'></i></a>&nbsp;",_(my_disk($diskname,$display['raw']),3),"</td>";
echo "<td><a class='view'></a><a href='#' title='",_('Recompute'),"...' onclick=\"computeShare('",rawurlencode($name),"',$(this).parent())\"><i class='fa fa-refresh icon'></i></a>&nbsp;",_(my_disk($diskname,$display['raw']),3),"</td>";
echo "<td>",($inside ? "" : "<em>"._('Share is outside the list of designated disks')."</em>"),"</td>";
echo "<td></td>";
echo "<td></td>";
echo "<td></td>";
echo "<td class='share-$row-1'>",my_scale($disksize, $unit)," $unit</td>";
echo "<td class='share-$row-2'>",my_scale($disks[$diskname]['fsFree']*1024, $unit)," $unit</td>";
echo "<td>",my_scale($disksize, $unit)," $unit</td>";
echo "<td>",my_scale($disks[$diskname]['fsFree']*1024, $unit)," $unit</td>";
echo "</tr>";
}
} else {
echo "<td>$cache</td>";
echo "<td><a href=\"/update.htm?cmd=$cmd&csrf_token={$var['csrf_token']}\" target=\"progressFrame\" onclick=\"$.cookie('ssz','ssz');$(this).text('",_('Please wait')."...')\">",_('Compute'),"...</a></td>";
echo "<td><a href='#' onclick=\"computeShare('",rawurlencode($name),"',$(this))\">",_('Compute'),"...</a></td>";
echo "<td>",my_scale($share['free']*1024, $unit)," $unit</td>";
echo "</tr>";
}
}
if ($row==0) {
echo "<tr><td colspan='7' style='text-align:center;padding-top:12px'><i class='fa fa-folder-open-o icon'></i>",_('There are no exportable user shares'),"</td></tr>";
}
if ($row==0) echo $noshares;
?>